CVE-2008-6954: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(updated )
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
References
- freshmeat.net/projects/cobbler/releases/288374
- exchange.xforce.ibmcloud.com/vulnerabilities/46625
- github.com/advisories/GHSA-p8w2-f44p-fmcj
- nvd.nist.gov/vuln/detail/CVE-2008-6954
- web.archive.org/web/20111227125913/http://secunia.com/advisories/32804
- web.archive.org/web/20111227151912/http://secunia.com/advisories/32737
- web.archive.org/web/20200228143518/http://www.securityfocus.com/bid/32317
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html
Code Behaviors & Features
Detect and mitigate CVE-2008-6954 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →